
Cyber-security: How safe is your organisation?

Cyber security was thrust into the spotlight when a ransomware attack on an NHS IT provider threatened to disrupt digital services such as patient check-ins and NHS 111.

A ransomware attack is where hackers take control of IT systems to steal data and demand payment from their victims to recover it.

The firm at the centre of the attack refused to confirm whether it had negotiated with the hackers or paid a ransom. However, it did indicate it would take up to four weeks to recover.

The incident is a clear example of the potential damage and chaos that a cyber-attack can inflict, and it highlights the importance of cyber security.

THIS – at the vanguard of cyber security

The Health Informatics Service (THIS) is at the vanguard of cyber security for its host trust, the Calderdale and Huddersfield NHS Foundation Trust (CHFT), and 59 clients across the healthcare sector.

Its Cyber Security Team helps to protect approximately 15,000 devices used by 19,000 people working within CHFT and a spectrum of clients ranging from prison healthcare service providers to GPs’ surgeries.

THIS is the only NHS informatics service to hold three ISO standards relating to cyber security and data protection: ISO 27001 Information Security Management, 9001 Cyber Management and 20000-1 Information Technology Service Management. It is compliant with the NHS Digital/NHS England Data Security and Protection Toolkit (DSPT) and its cyber security training is NHS Digital/NHS England mandated.

In one two-month period, CHFT was the target of 46,600 phishing emails and 34,600 spam emails that resulted in 1,658 malicious websites being blocked, and the thwarting of 1,432 malware attacks.

Building up a security posture

How much protection a healthcare organisation requires depends on the amount and type of data it handles, particularly if it includes patient data. 

Paul Glover, of THIS’ Cyber Security Team, recommends the National Cyber Security Centre (NCSC) 10 steps to cyber security as a good starting point. It includes advice on the management of risks, assets, vulnerability, identity and systems access, training and data security.

He says: “Acquiring a good security posture doesn't mean your organisation is completely impenetrable from a cyber-attack. It means the impact is likely to be less than if you'd done nothing.

“The other part of the equation is understanding that if, or when, you are attacked, what will your response be? How are you going to keep running your organisation while it’s suffering from a cyber-attack?”

Back-up plan and incident response

Malware is evolving constantly. Paul Glover likens it to different variants of a virus and how symptoms can change with different mutations.

He says: “What the virus creators do now is create it so that it changes every time it infects a PC. We use next generation antivirus software that looks at the behaviours of the malware instead of looking at the signature.

“Modern antivirus firewalls, intrusion prevention systems, antivirus web security and email security help us to stay ahead of the game.”

Backing up data is an important step to keep it safe, as is having an incident response strategy to be as well prepared as possible.

Recognising the threat and where it comes from…

A common perception of a cyber security attack is one of hackers breaking through firewalls. But sometimes the threat can come from close to home.

Paul Glover: “There is a threat that comes from inside an organisation. NHS staff have access to some critical information. Someone could sell data or leak it to the internet. But it can happen unwittingly. Social engineering (the term used for a range of malicious activities that trick system users into making security mistakes or giving away sensitive information) is another big risk.”

Providing protection against cyber sabotage

THIS provides services that support protection against cyber attacks, such as healthcare and NHS information governance and other cyber security support services.

You can read our in-depth white paper, "Cyber-security: How safe is your organisation?", or, if you’d like to discuss your requirements, contact us.
